samba - May 2002 - "Access denied", yet empty files written?

Hello, everyone

I've been overworking my brain on this problem all day, so now I plead
someone to help me.

Here's a description of the setup:

An NT4 domain, with workstations. SP 5 or so. (3+)
Linux servers unconnected to the domain, running Red Hat 7.1(Samba
2.0.10) and Red Hat 7.2 (Samba 2.2.1a). They are indiscrimating about
who the user connecting is - the share is the same, with universal
read/write. See below config files for details.

I've set up an NT workstation to push files to each of my two servers -
same files, same commands, just different ip's.

This all worked smoothly. When I upgraded the server with 7.2 from 7.0,
all of a sudden files started coming in empty. I started to investigate,
and realized that the workstation pushing gets "access denied".
I've
replicated this from my own NT4 workstation. If I copy the files from
the pusher to the 7.1 server, and it works. If I copy the files from the
pusher to the 7.2 server, it fails, telling me "access denied". If I
copy from the 7.1 server to the 7.2 server, it works, and vice versa.

All file permissions appear to be in order (777 for dirs, 666 for files
- I am in a safe environment, no need to choke on your coffee).

I suspect this problem has been reported before, but I haven't been able
to find any relevant information using searching and skimming, so I'm
resorting to this.

---

As promised, this is the configuration for the 7.1 server, as reported
by testparam:

# Global parameters
[global]
	coding system = 
	client code page = 850
	workgroup = EPN
	netbios name = 
	netbios aliases = 
	netbios scope = 
	server string = Samba Server
	interfaces = 
	bind interfaces only = No
	security = SHARE
	encrypt passwords = No
	update encrypted = No
	allow trusted domains = Yes
	hosts equiv = 
	min password length = 5
	map to guest = Never
	null passwords = No
	password server = 
	smb passwd file = /etc/samba/smbpasswd
	root directory = /
	passwd program = /bin/passwd
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	username map = 
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = No
	use rhosts = No
	debug level = 2
	syslog = 1
	syslog only = No
	log file = /var/log/samba/%m.log
	max log size = 0
	debug timestamp = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	protocol = NT1
	read bmpx = No
	read raw = Yes
	write raw = Yes
	nt smb support = Yes
	nt pipe support = Yes
	nt acl support = Yes
	announce version = 4.2
	announce as = NT
	max mux = 50
	max xmit = 65535
	name resolve order = lmhosts host wins bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 10
	max disk size = 0
	max open files = 10000
	read prediction = No
	read size = 16384
	shared mem size = 1048576
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	stat cache size = 50
	load printers = Yes
	printcap name = /etc/printcap
	printer driver file = /etc/samba/printers.def
	strip dot = No
	character set = 
	mangled stack = 50
	stat cache = Yes
	domain groups = 
	domain admin group = 
	domain guest group = 
	domain admin users = 
	domain guest users = 
	machine password timeout = 604800
	add user script = 
	delete user script = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	domain logons = No
	os level = 0
	lm announce = Auto
	lm interval = 60
	preferred master = No
	local master = No
	domain master = No
	browse list = Yes
	dns proxy = No
	wins proxy = No
	wins server = 
	wins support = No
	wins hook = 
	kernel oplocks = Yes
	ole locking compatibility = Yes
	oplock break wait time = 10
	smbrun = /usr/bin/smbrun
	config file = 
	auto services = 
	lock directory = /var/lock/samba
	default service = 
	message command = 
	dfree command = 
	valid chars = 
	remote announce = 193.161.3.255
	remote browse sync = 193.161.3.255
	socket address = 0.0.0.0
	homedir map = auto.home
	time offset = 0
	unix realname = No
	NIS homedir = No
	source environment = 
	panic action = 
	comment = 
	path = 
	revalidate = No
	username = guest
	guest account = nobody
	invalid users = 
	valid users = 
	admin users = 
	read list = 
	write list = 
	force user = 
	force group = 
	writeable = No
	create mask = 0744
	force create mode = 00
	security mask = -1
	force security mode = -1
	directory mask = 0755
	force directory mode = 00
	directory security mask = -1
	force directory security mode = -1
	inherit permissions = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 
	hosts deny = 
	status = Yes

	max connections = 0
	min print space = 0
	strict sync = No
	sync always = No
	write cache size = 0
	printable = No
	postscript = No
	printing = bsd
	print command = lpr -r -P%p %s
	lpq command = lpq -P%p
	lprm command = lprm -P%p %j
	lppause command = 
	lpresume command = 
	queuepause command = 
	queueresume command = 
	printer = 
	printer driver = NULL
	printer driver location = 
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	delete veto files = No
	veto files = 
	hide files = 
	veto oplock files = 
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map = 
	browseable = Yes
	blocking locks = Yes
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = No
	oplock contention limit = 2
	strict locking = No
	share modes = Yes
	copy = 
	include = 
	preexec = 
	preexec close = No
	postexec = 
	root preexec = 
	root preexec close = No
	root postexec = 
	available = Yes
	volume = 
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend = 
	magic script = 
	magic output = 
	delete readonly = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No

[homes]
	comment = Home Directories
	path = /home/%U
	writeable = Yes
	browseable = No

[s3]
	path = /opt/s3public
	username = nobody
	writeable = Yes
	create mask = 0666
	guest ok = Yes


-------


This is the configuration of the 7.2/2.2.1a server, as reported by
testparam:

# Global parameters
[global]
	coding system = 
	client code page = 850
	code page directory = /usr/share/samba/codepages
	workgroup = EPN
	netbios name = SECANAWS
	netbios aliases = 
	netbios scope = 
	server string = Samba Server
	interfaces = 
	bind interfaces only = No
	security = SHARE
	encrypt passwords = No
	update encrypted = No
	allow trusted domains = Yes
	hosts equiv = 
	min passwd length = 5
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = 
	smb passwd file = /etc/samba/smbpasswd
	root directory = 
	pam password change = No
	passwd program = /bin/passwd
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	username map = 
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = No
	lanman auth = Yes
	use rhosts = No
	log level = 2
	syslog = 1
	syslog only = No
	log file = /var/log/samba/%m.log
	max log size = 0
	timestamp logs = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	protocol = NT1
	large readwrite = No
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = Yes
	write raw = Yes
	nt smb support = Yes
	nt pipe support = Yes
	nt acl support = Yes
	announce version = 4.2
	announce as = NT
	max mux = 50
	max xmit = 65535
	name resolve order = lmhosts host wins bcast
	max packet = 65535
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 10
	max smbd processes = 0
	max disk size = 0
	max open files = 10000
	read size = 16384
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	stat cache size = 50
	total print jobs = 0
	load printers = Yes
	printcap name = /etc/printcap
	enumports command = 
	addprinter command = 
	deleteprinter command = 
	show add printer wizard = Yes
	os2 driver map = 
	strip dot = No
	character set = 
	mangled stack = 50
	stat cache = Yes
	domain admin group = 
	domain guest group = 
	machine password timeout = 604800
	add user script = 
	delete user script = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	domain logons = No
	os level = 0
	lm announce = Auto
	lm interval = 60
	preferred master = False
	local master = No
	domain master = False
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = No
	wins proxy = No
	wins server = 
	wins support = No
	wins hook = 
	kernel oplocks = Yes
	oplock break wait time = 0
	add share command = 
	add share command = 
	change share command = 
	delete share command = 
	config file = 
	preload = 
	lock dir = /var/cache/samba
	default service = 
	message command = 
	dfree command = 
	valid chars = 
	remote announce = 193.161.3.255
	remote browse sync = 193.161.3.255
	socket address = 0.0.0.0
	homedir map = auto.home
	time offset = 0
	NIS homedir = No
	source environment = 
	panic action = 
	hide local users = No
	host msdfs = No
	winbind uid = 
	winbind gid = 
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 15
	comment = 
	path = 
	alternate permissions = No
	username = guest
	guest account = nobody
	invalid users = 
	valid users = 
	admin users = 
	read list = 
	write list = 
	printer admin = 
	force user = 
	force group = 
	read only = Yes
	create mask = 0744
	force create mode = 00
	security mask = 0777
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 0777
	force directory security mode = 00
	inherit permissions = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 
	hosts deny = 
	status = Yes
	max connections = 0
	min print space = 0
	strict sync = No
	sync always = No
	write cache size = 0
	max print jobs = 1000
	printable = No
	postscript = No
	printing = lprng
	print command = lpr -r -P%p %s
	lpq command = lpq -P%p
	lprm command = lprm -P%p %j
	lppause command = 
	lpresume command = 
	queuepause command = 
	queueresume command = 
	printer name = 
	printer driver = 
	printer driver file = /etc/samba/printers.def
	printer driver location = 
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	hide unreadable = No
	delete veto files = No
	veto files = 
	hide files = 
	veto oplock files = 
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map = 
	browseable = Yes
	blocking locks = Yes
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = No
	share modes = Yes
	copy = 
	include = 
	exec = 
	preexec close = No
	postexec = 
	root preexec = 
	root preexec close = No
	root preexec close = No
	root postexec = 
	available = Yes
	volume = 
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend = 
	magic script = 
	magic output = 
	delete readonly = No
	dos filemode = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No
	vfs object = 
	vfs options = 
	msdfs root = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

[s3]
	path = /opt/s3public
	username = nobody
	read only = No
	create mask = 0666
	guest ok = Yes




Mvh / Best Regards

Jens-Petter Salvesen
Risk Management, Europay Norway

Phone : +47 2332 5119
Mobile : +47 9829 7319
**********************************************************************
This e-mail and any attachments to it may contain confidential
information which is strictly intended for the use of the authorized
recipient.  If you have received this e-mail in error, please reply to
it in order to notify the sender, and then delete it.
Thank you for your cooperation.
**********************************************************************